Security Incidents mailing list archives
RE: New Attack / New Vulnerability?
From: Quarantine <Quarantine () GSCCCA ORG>
Date: Wed, 27 Feb 2002 14:40:11 -0500
A Google search points to Nimda traffic, and TruSecure actually reported this specific DLL in their alert from September 19, 2001(http://www.trusecure.com/html/tspub/hypeorhot/rxalerts/tsa01024_cid177. shtml). The DLL is for Microsoft SharePoint Team Server (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/spsdk11/In tro/overview.asp). -----Original Message----- From: Sterling Moses [mailto:sterling () silversoftwareinc com] Sent: Wednesday, February 27, 2002 12:11 PM To: incidents () securityfocus com Subject: New Attack / New Vulnerability? Is there a new vulnerability out? We monitor hundreds of financial IIS servers and have noticed many requests for the following: GET /_vti_bin/owssvr.dll 404 These requests originate from multiple IP addresses, and hit different machines on different networks. Based on the traffic and number of entries I can guess these are not targeted attacks, but seem to be opportunistic in nature. Any information would be helpful. Sterling. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: New Attack / New Vulnerability? Matthew F. Caldwell (Feb 27)
- <Possible follow-ups>
- RE: New Attack / New Vulnerability? Quarantine (Feb 27)